Organizational Challenges in Cloud Adoption and ... By Sneha Rajendran

Organizational Challenges in Cloud Adoption and Enablers of Cloud Transition Program
By
Sneha Rajendran
Post Graduate Diploma in Management, XLRI School of Business and
Human Resources, 2011
SUBMITTED TO THE MIT SLOAN SCHOOL OF MANAGEMENT
IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE
DEGREE OF
MASTER OF SCIENCE IN MANAGEMENT STUDIES
AT THE
MASSACHUSETTS INSTITUTE OF TECHNOLOGY
JUNE 2013
MASSACHOSETTS INSTfl1UriE
OF TECHNOLOGY
MAY 3 0 2013
© 2013 Sneha Rajendran. All Rights Reserved.
The author hereby grants to MIT permission to reproduce and to
distribute publicly paper and electronic copies of this thesis document in
whole or in part in any medium now known or hereafter created.
LIBRARIES
Signature of Author:
Sneha Rajendran
MIT Sloan School of Management
May 10, 2013
Certified By:,
--
-I-
I1
-
Stuart E. Madnick
John Norris M aguire Professor of Information Technologies, MIT Sloan School of Management &
Professor of Engineering Systems, MIT School of Engineering
Thesis Advisor
Accepted By:
I
.
U)
Michael A. Cusumano
SMR Distinguished Professor of Management
Program Director, M.S. in Management Studies Program
MIT Sloan School of Management
1
Organizational Challenges in Cloud Adoption and Enablers of Cloud Transition Program
By
Sneha Rajendran
Submitted to the MIT Sloan School of Management on May 10, 2013 in
partial fulfillment of the requirements for the degree of Master of
Science in Management Studies
ABSTRACT
With the proliferation of cloud computing, organizations have been able to get access to never seen before
computing power and resources. Cloud computing has revolutionized the utilization of computing
resources through automatic provisioning and release, fostered greater collaboration among the
stakeholders in the organization and improved the overall business performance. The implementation of
cloud in an organization however brings in changes in the IT and business operations. These shifts pose
challenges related to governance, security, dependency and changes in the roles and responsibilities of
employees working in the business and IT functions of the organization. This study looks into some of the
challenges an organization moving to the cloud faces and using an example of a large financial institution,
tries to determine the organizational structures and processes that facilitate and enable a smooth
transformation.
The paper also illustrates the interaction between the different factors that influence cloud adoption using
the system dynamics approach. A set of causal loops that demonstrates the relationship between the
different factors has been developed. The effects of these loops have then been aggregated and an
abstracted version of an adoption model has been developed.
Based on the findings from research articles, existing organizational literature and the case of the large
financial institution conclusions have been drawn from an organizational, managerial and non-managerial
employee perspectives.
Thesis Advisor: Stuart E. Madnick
Title: John Norris Maguire Professor of Information Technologies, MIT Sloan School of Management &
Professor of Engineering Systems, MIT School of Engineering
3
[Page intentionally left blank]
4
ACKNOWLEDGEMENTS
First of all, I would like to thank my advisor Dr. Stuart Madnick for advising me and giving me an
opportunity to work on this interesting problem. He had been a great source of support and guidance
through my time here at MIT Sloan. A sincere thanks also goes to Dr. Allen Moulton, Research Scientist
at the MIT Engineering Systems Division for his great insights, constant feedback and continuous
encouragement, which was invaluable. The exchange of ideas from our frequent interactions and the
pointers to various articles and journals he has sent helped me greatly in formulating the problem
statement and coming up with a sound analysis.
I would like to specially thank James Houghton, Research Associate at MIT Sloan for his great insights
and critical feedback in conceptualizing my system dynamics model and analyzing the simulation results.
I would also like to thank all the members of Dr. Madnick's research group for their continuous feedback
and support.
This effort would definitely not have been possible without the support of the wonderful Masters in
Management Studies (MSMS) community led by Chanh Q Phan and Julia Sargeaunt and all my
classmates who constantly encouraged and motivated each other to excel. We had numerous events, boot
camps and forums to facilitate exchange of ideas, which was immensely helpful. A special thanks also
goes to the MSMS Program Director Dr. Michael A. Cusumano for giving me an opportunity to
participate in this wonderful program and be a part of the MIT Sloan Community. The time spent here
was truly a transformative experience and I had the pleasure of learning from some of the greatest minds
in management studies.
Last but not least, I would like to thank my parents and my brother for supporting my academic endeavors
and giving me full freedom to pursue my interests and my husband, who is a constant source of support
and encouragement in all my undertakings.
5
[Page intentionally left blank]
6
TABLE OF CONTENTS
AB STR A CT .............................................................................................................................................................
3
A CKN O W LE D GEM E NTS .................................................................................................................................
5
1. IN T ROD U C TIO N .............................................................................................................................................
9
2. LITE R A T U RE REVIEW .............................................................................................................................
STAKEHOLDER THEORY ....................................................................................................................................................
RESOURCE D EPENDENCY THEORY ................................................................................................................................
A GENCY THEORY.................................................................................................................................................................10
IT G OVERNANCE THEORY.................................................................................................................................................11
ENDOW M ENT EFFECT AND STATUS QUO BIAS ...........................................................................................................
O UTSOURCING ......................................................................................................................................................................
3. C L OU D C O M PU T IN G .................................................................................................................................
D EFINITION ............................................................................................................................................................................
BENEFITS OF CLOUD............................................................................................................................................................17
CHALLENGES IN CLOUD ADOPTION................................................................................................................................
10
10
10
12
12
14
14
17
4. CASE OF A LARGE FINANCIAL INSTITUTION MOVING TO HYBRID CLOUD.......20
ORGANIZATIONAL CHANGES IN HYBRID CLOUD DEPLOYMENT .......................................................................
ANALYSIS USING INFORMATION SYSTEMS AND ORGANIZATIONAL THEORIES ..........................................
5. SYSTEMS MODEL OF CLOUD ADOPTION ..................................................................................
INTRODUCTION TO SYSTEM D YNAM ICS.......................................................................................................................
SYSTEM S M ODEL OF CLOUD A DOPTION......................................................................................................................
SIM PLIFIED MODEL AND SIM ULATION RESULTS .................................................................................................
6. C O N C LU SIO N ...............................................................................................................................................
25
27
32
32
33
41
45
ORGANIZATIONAL IM PLICATIONS..................................................................................................................................45
MANAGERIAL IMPLICATIONS...........................................................................................................................................45
N ON-M ANAGERIAL IMPLICATIONS................................................................................................................................46
7. FU TU RE W O RK ............................................................................................................................................
47
8. R E FERE N C E S................................................................................................................................................
48
7
LIST OF FIGURES
FIGURE
FIGURE
FIGURE
FIGURE
1:PUBLIC CLOUD DEPLOYMENT MODEL I ..................................................................................
15
2: PUBLIC CLOUD DEPLOYMENT MODEL 11...............................................................................
15
3: STRUCTURE OF IT ORGANIZATION..........................................................................................
21
4: IT GOVERNANCE ARRANGEMENT MATRIX AT THE LARGE FINANCIAL INSTITUTION (BEFORE
200 1) (WEILL & ROSS, 2004).............................................................................................................
FIGURE 5: IT SHARED SERVICES AT THE LARGE FINANCIAL INSTITUTION .............................................
FIGURE 6: NEW IT GOVERNANCE ARRANGEMENT MATRIX AT THE LARGE FINANCIAL INSTITUTION
(AFTER 2001) (W EILL & Ross, 2004) ............................................................................................
FIGURE
FIGURE
FIGURE
FIGURE
FIGUR E
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
7: COMPONENTS OF SYSTEMS MODEL ........................................................................................
8: REINFORCING AND BALANCING LooPs ..................................................................................
9: REDUNDANCY REDUCTION ........................................................................................................
10: ENDOW M ENT EFFECT BIAS ...................................................................................................
11: O W NER SHIP R ISK S....................................................................................................................
12: OW NERSHIP RISK M ITIGATION .............................................................................................
13: IMPACT OF OUTSOURCING ON CONTROL RIGHTS, COST AND ACCESS TO EXPERTS ...............
14: LABOR DYNAMICS RESULTING FROM OUTSOURCING..........................................................
15: DEPENDENCY RISKS FROM OUTSOURCING...........................................................................
16: O N THE JOB LEARNIN G ............................................................................................................
17: A SYSTEMS MODEL OF CLOUD ADOPTION...........................................................................
22
23
23
32
32
34
34
35
36
38
39
40
41
42
LIST OF GRAPHS
GRAPH 1: BEHAVIOR OF ADOPTION WHEN IMPACT OF ADOPTION HIGH AND INITIAL MANAGEMENT
SUPPO R T HIG H .....................................................................................................................................
GRAPH 2: BEHAVIOR OF MANAGEMENT SUPPORT WHEN IMPACT OF ADOPTION HIGH AND INITIAL
MANAGEM EN T SUPPORT HIGH ............................................................................................................
GRAPH 3: BEHAVIOR OF ADOPTION WHEN IMPACT OF ADOPTION HIGH AND INITIAL MANAGEMENT
SUPPO R T L O W .....................................................................................................................................
GRAPH 4: BEHAVIOR OF MANAGEMENT SUPPORT WHEN IMPACT OF ADOPTION HIGH AND INITIAL
MANAGEM EN T SUPPORT LOW .............................................................................................................
GRAPH 5: BEHAVIOR OF ADOPTION WHEN IMPACT OF ADOPTION LOW AND INITIAL MANAGEMENT
SUPPO R T H IG H .....................................................................................................................................
GRAPH 6: BEHAVIOR OF MANAGEMENT SUPPORT WHEN IMPACT OF ADOPTION LOW AND INITIAL
MANAGEM EN T SUPPORT HIGH ............................................................................................................
GRAPH 7: BEHAVIOR OF ADOPTION WHEN IMPACT OF ADOPTION LOW AND INITIAL MANAGEMENT
SUPPO R T L O W .....................................................................................................................................
GRAPH 8: BEHAVIOR OF MANAGEMENT SUPPORT WHEN IMPACT OF ADOPTION LOW AND INITIAL
MAN A GEM EN T SUPPO RT LO W ..................................................................................................................................................
8
43
43
43
43
44
44
44
44
1. INTRODUCTION
Technology is increasingly being used by organizations across industries to enable and improve their
business performance. One of the technological innovations that has revolutionized the way people and
businesses work in today's world is cloud computing. Organizations are increasing their consumption of
cloud based services for a myriad of reasons - embracing new business opportunities, improving their
current business performance, responding to crisis situations, changing their current business model and
so forth. Irrespective of the motivation to adopt cloud, it is interesting to note that the transition from
legacy IT systems to cloud is complex and a concerted approach from multiple parties within the
organization is required to extract the benefits of cloud based services.
This study starts by looking into existing literature on organizational and information systems research.
The theories provide a framework of factors that will later be used to analyze cloud deployment in
organizations. Chapter 2: Literature Review, explains the theories that relate to the challenges in the
cloud adoption program both from an organizational as well as an individual employee's perspective.
Some of the theories that are relevant to the organizational problems of cloud adoption are: Stakeholder
theory, Agency theory, Resource Dependency theory, IT Governance theory and Outsourcing theory.
Additionally, Daniel Kahneman's and Amos Tversky's work on loss aversion, endowment effect and
status quo bias are used to explain the resistance towards cloud adoption by stakeholders within the
organization.
Chapter 3: Cloud Computing, gives a brief overview about cloud computing, the benefits of moving to
the cloud and the risks and roadblocks an organization will face in the process of implementing the cloud
adoption program. Using data from the theories, research and practitioner articles of the previous two
chapters, in Chapter 4: The case of a Large Financial Institution (LFI) that recently moved to cloud is
examined. The transformations in the IT function of the LFI over a period of 10 years are analyzed and
the organizational structures and processes that facilitated a smooth transition to the cloud are determined.
Based on the observations and insights obtained from the case, theories and practitioner articles, in
Chapter 5: Systems Model of Cloud Adoption, a systems model that captures the interactions between
the various factors is mapped out and the key levers in the cloud implementation process are identified.
Using the comprehensive analysis done in the paper, the organizational, managerial and non-managerial
implications of cloud adoption are captured in the conclusion chapter.
9
2. LITERATURE REVIEW
This chapter examines the theories and phenomenon used later in the thesis to analyze the organizational
change and the dynamics that result between the stakeholders within and outside the organization as a
result of cloud adoption. The subset of organizational and information systems theories that are
considered are - Stakeholder theory, Resource Dependency theory, Agency theory and IT Governance
theory. In addition, the impact of endowment effect, status quo bias and factors influencing outsourcing
are also studied.
Stakeholder Theory
As per Mitchell et al, there are three attributes that define the salience and criticality of the claims made
by the members of an organization. The three attributes are power, legitimacy and urgency. Power defines
the relationship between two social actors and the extent to which one can influence the other. Legitimacy
defines the degree to which the claims proposed by the stakeholder are in conformation with the accepted
norms and rules. Urgency is the extent to which the claims made by the stakeholders need immediate
action. The combination of the attributes possessed by a stakeholder will determine the importance of the
claims; and in case of competing stakeholder claims, the power, legitimacy and urgency wielded by a
stakeholder will enable prioritization of the claims and choose the one that needs to be addressed first.
The theory however notes that the level of power, legitimacy and urgency held by the stakeholders is not
absolute. This dynamism results in the evolution of relationship between the stakeholders and thereby the
saliency and the criticality of the claims made (Mitchell, Agle, & Wood, 1997).
Resource Dependency Theory
The resource-based theory takes an inward looking approach to a firm by identifying those resources and
capabilities that differentiate a firm from others in the industry (Wernerfelt, 1984; Wernerfelt, 1995). The
unique resources are considered to be a source of power and pivotal in creating competitive advantage to
the firm. However not all firms have the resources needed to meet its requirements and as a result become
dependent on sources external to the organization to their demands. This need to procure resources from a
third party results in the formation of a relationship between the buyer and seller of a resource thereby
creating interdependence between the two parties involved (Pfeffer & Salancik, 2003). As noted in the
resource based view of the firm, possession of certain resources create a notion of power; when an
organization is dependent on another firm for certain resources, it creates a power imbalance and the two
parties form interdependent relationships. (Casciaro & Piskorski, 2004).
It is interesting to note that the importance of the resource, the availability of substitutes and alternatives
to the resource and the cost of switching between the suppliers of the resource characterize the
dependence of one organization on the other. Organizations that are dependent on third parties for certain
resources are cognizant of the interdependence and the imbalance in power; and as a way to mitigate the
risks, form contracts and relationships with multiple vendors. Certain organizations also resort to
cooptation models like joint ventures, mergers and acquisitions to reduce uncertainty and other risks
associated with power imbalance and interdependence (Pfeffer & Salancik, 2003).
Agency Theory
The principal agent theory is another organizational theory that can be used to study the interactions
between two parties - principal and agent. Principal is the party that delegates work to the agent who then
performs the task for the principal (Jensen & Meckling, 1976). The theory suggests that there is
asymmetric information between the principal and the agent, causing the agent to behave in a manner that
maximizes its own interests rather than that of the principal. As per Kathleen M. Eisenhardt, in any
10
principal agent relationship - outcome uncertainty, risk aversion by principal and agent, inability in
predicting the behavior of the agent, measurability of the outcome and length of the contract form crucial
factors in defining the relationship between the two parties(Eisenhardt, 1989).
Extending the transaction cost economics theory to the above observation, the agency costs that a
principal incurs can be classified into: (1) Search costs: The principal invests time and resources in the
search phase to ensure the quality of services provided by the agent. To reduce the uncertainty and the
dependence on a single agent, the principal diversifies its risks by forming contracts with multiple agents.
These actions involve time, effort and investment of resources for the principal. (2) Bargainingcosts: To
ensure measurability, the principal will prefer outcome-based rather than behavior-based contract. The
contract will clearly spell out the standards of performance expected along with the time period for which
the contract can be enforced. This requirement results in negotiation between the two parties involved and
the principal will incur bargaining costs. (3) Policingand enfbrcing costs: These are the costs incurred to
reduce risks and ensure that both the parties abide by the terms and conditions stipulated in the contract
(Dahlman, 1979; Eisenhardt, 1989; Rindfleisch & Heide, 1997).
IT Governance theory
According to Peter Weill, "IT Governance helps in specifying the decision rights and accountability
framework to encourage desired behavior in the use of IT" (Weill & Ross, 2004). An IT governance
structure is important because, IT in addition to being expensive and all pervasive within an organization
has the potential to help organizations identify new business opportunities. A governance structure will
help an organization maximize the benefits from the IT investments and improve the overall
organizational understanding about IT (Weill & Ross, 2004).
The IT related decision-making within an organization can be classified into five categories
(Weill &
Ross, 2004)
1. IT Principles: This decision includes defining the IT roadmap for the organization. To elaborate,
the IT principles define the objectives and goals of the IT function against each of roles
performed by the function. For instance, it will include the goal for the IT spend within the
enterprise, new applications that will be rolled out, changes that will be made in the existing IT
architecture and infrastructure.
2.
IT Architecture: The key role of IT Architecture is to enforce the desired level of data and
process standardization in the IT function and also define the technology that will facilitate the
achievement of targets set in the IT principles.
3.
IT Infrastructure: IT infrastructure is the building block of the IT function within an
organization and includes hardware components (like workstations, laptops, tablets, servers),
software, business application tools (like customer relationship management systems, supply
chain management systems, HR systems, finance and the like). The decisions relating to IT
infrastructure include budgeting and investment decisions, maintenance of existing systems and
decisions related to ensuring security and mitigating risks in the existing IT infrastructure.
4.
Business Application Needs: All the five IT decisions relate to how businesses can effectively
use IT to create additional value. But this specific decision focuses exclusively on what new
applications can be developed to created additional value to the customers. This decision-making
requires a balance between creativity and discipline, because creativity helps in thinking out of
the box and coming up with innovative ways of introducing IT solutions while discipline helps in
ensuring the creative solutions are in compliance with the standards and norms enforced within
the organization.
11
5.
IT Investments: The decisions related to IT investments are threefold - determining the IT
budget for the organization, prioritizing and identifying the IT projects in which the money can be
spent and balancing the needs of the different businesses and processes.
The group of people responsible for driving the above decisions can be classified into the following
organizational archetypes. They can be responsible for either driving the final decision or providing input
that facilitates the decision making process (Weill & Ross, 2004).
1.
Business Monarchy: In this archetype, the decision rights are concentrated among a group of
business or individual executives, and may include the CIO. Executives from the IT team can also
be part of the committee that makes the decisions but these IT executives cannot act
independently.
2.
IT Monarchy: This archetype comprises of individuals from the IT function and they are
responsible for driving all IT related decision-making.
3.
Feudal: In the feudal archetype, each business unit, process owner has its own IT function and
make independent decisions.
4.
Federal: In the federal model, business leaders, C-level executives from the corporate and IT
executives work together to define the IT roadmap and drive the IT decisions.
5. IT Duopoly: In the IT Duopoly model, the IT function works in cohesion with another group business unit or process owner or corporate executive to meet the IT requirements.
6.
Anarchy: This is an extreme case where each individual employee within the organization has
the autonomy to define and execute the IT requirements.
Endowment effect and status quo bias
According to psychologists Daniel Kahneman and Amos Tversky, when human beings are presented with
choices their behavior can be characterized using four factors. First, when evaluating the alternatives,
people use a subjective approach rather than an objective one. Second, people use the existing product
or the service as their frame of reference and compare the alternatives based on the attributes of the
current product or service. Third, based on the comparison if there are any enhancements in the new
product or service, people perceive it as a gain and if there are any disadvantages, people perceive it as a
loss. Finally, people are loss averse (i.e.) losses leave a negative impact in the minds of the people. This
loss aversion effect causes people to value the products, services and other materials they currently
possess more than the alternatives, resulting in a behavior called endowment effect (Kahneman, Knetsch,
& Thaler, 1990; Kahneman, Knetsch, & Thaler, 1991; Thaler, Tversky, Kahneman, & Schwartz, 1997;
Tversky & Kahneman, 1991). Kahneman and Tversky's loss aversion theory can also be used to explain
the status quo bias that some people demonstrate. When people are accustomed to using certain products
or services, their willingness to give up the existing product/service even for a better alternative decreases
with time (Samuelson & Zeckhauser, 1988). In this thesis, the above theories and phenomena are used to
analyze the different behaviors stakeholders demonstrate when the decision to move to cloud is made.
Outsourcing
Another theory that is relevant in cloud adoption is outsourcing. Certain aspects of cloud operations are
analogous to an outsourcing model and hence it is important to understand the strategic implications of
adopting cloud-based services. According to a study conducted by Nabeel A.F. Al Qirim, the main
reasons an organization opts for outsourcing specific services are access to experts, get higher quality
service from the outsourcer, access to new technology and cost reduction (Al-Qirim, 2012). Although it is
12
commonly perceived that lack of in-house capability or skills is one of the primary reasons for availing
services from a third party, it is interesting to note that this factor was not one of the top five drivers of
outsourcing. Other motivations for outsourcing include gaining competitive advantage, rolling out new IT
projects in a short period of time and organizational restructuring and downsizing.
Al Qirim also studied the situations when organizations prefer the outsourcing model. Easy access to
additional capacity is one of the primary motivators of outsourcing; this is followed by crisis situation in
the external environment that pushes companies to opt for outsourcing as a means to reduce cost.
Additionally, availability of new technology or software in the market and incapacity of the internal staff
to perform the task cause organizations to seek help from external environment. Thus there are several
advantages that an organization can benefit from by opting to outsource. However, the outsourcing model
poses certain challenges and it is important that organizations exercise caution to the following: (1)
sufficient due diligence both in the choice of the supplier and the product/service offered (2) drafting the
contract effectively and ensuring there are provisions to address under-performance/non-performance by
the supplier (3) sufficient funds to pay the service provider (4) avoiding over dependence on a single
outsourcer and (5) building adequate skills in vendor management which includes contract negotiation,
conflict management (Al-Qirim, 2012).
The theories that have been briefed in this chapter will be used later in this paper to analyze and identify
the key factors that influence cloud adoption programs in organizations. The next chapter gives a brief
overview about cloud computing, the various deployment and service models that are available, the
advantages of cloud systems and finally the challenges they pose.
13
3. CLOUD COMPUTING
There are several definitions of cloud computing that exist in today's literature and research papers. This
paper uses the definition proposed by National Institute of Standards and Technology, as it closely
mirrors the characteristics of cloud and the unique advantages cloud provides over other IT systems.
Definition
In September 2011, the National Institute of Standards and Technology (NIST) defined cloud computing
as "a model that provides ubiquitous, convenient, on-demand network access to a shared pool of
computing resources like servers, networks, storage, applicationsand services with minimal management
efbrt and service provider interaction" (Mell & Grance, 2011). According to Mell and Grance, cloud
poses five characteristics namely:
1. On-demand self-service and elasticity: Depending on the demand for resources, the user can
rapidly provision as well as release the resources.. Based on the resource requirements, a user can
automatically provision as well release the computing resources with minimum involvement of
the service provider.
2.
Broad network access: The resources on the cloud can be accessed from anywhere over the
network and using multiple platforms like mobile, tablets, laptops and workstations.
3.
Resource pooling: Cloud is based on a multi-tenant model where the resources are pooled and
assigned to multiple users depending on the demand for these resources.
4.
Measured service: The user can easily monitor the utilization of the computing resources. The
user in addition can track, report and optimize the usage of the computing resources.
The NIST report on Cloud Computing definition also describes the deployment and service models of
cloud (Mell & Grance, 2011). According to Mell and Grance there are four types of cloud deployment
models, namely:
1. Private: In the private cloud deployment model, the cloud services are deployed exclusively for
the use of consumers within the organization. The cloud infrastructure will be managed by the
internal IT function within the organization or by an external cloud service provider or a
combination of both. This model is typically used when organizations have sensitive data and are
skeptical of hosting their information on a third party's infrastructure.
2.
Community: In the community cloud deployment model, the cloud services are provisioned for a
community of users from multiple organizations that have a shared concern. Here again, the cloud
infrastructure can be managed by the internal IT function of the organizations that are part of the
community or by an external cloud service provider or a combination of This model is typically
used when the organizations in the community are working towards a common mission and could
benefit from sharing the cloud services among them.
3.
Public: In the public cloud deployment model, the cloud service is provided for the use of the
general public. In this case the service provider manages the cloud infrastructure and the
infrastructure exists on the service provider's premises. This model is used when the organization
wants to leverage on the expertise of a cloud service provider and wants to deploy the cloud
environment at the earliest.
a. Forms of public cloud deployment
In the implementation of public cloud, two main stakeholders - business and enterprise IT
organization are considered. When going for the public cloud, businesses have two choices - (1)
14
approach the cloud service provider directly bypassing the internal IT organization or (2)
approach the cloud service provider through the internal IT organization. Depending on the
medium used, the internal processes, responsibilities and skillsets of the employees go through a
change (Goles & Chin, 2005; Grover, Cheon, & Teng, 1995).
Consider the first case where the business deals directly with an external cloud provider. This
option is used when the business is not satisfied with the quality of service provided by the
enterprise IT team and approaches a third party vendor to meet its IT needs. As indicated in
Figure 1, businesses communicate directly with the vendors for their cloud requirements, some of
the existing roles within the IT function are exposed to the risk of becoming obsolete. In addition
there is a cultural shift within the organization as there is a change in the control rights, decision
rules and governance structure because decisions related to cloud operations are completely
handled by the businesses and the IT has little role to play.
Business
Cloud Service Provider
K2-
Figure 1:Public Cloud Deployment Model I
Changes in the roles and responsibilities: As the businesses deal with the external cloud service
provider, they are now responsible for vendor management - evaluation of vendors, drafting
contracts, identifying potential risks and the means to mitigate them. Businesses are also liable of
ensuring data security and compliance of all rules and regulations by third party. They are also
accountable for overseeing the cloud operations and monitoring the performance of the cloud
services. To meet the above-mentioned changes in the responsibilities of businesses, the
employees need to develop new skills - sourcing of vendors, contract management, IT risk
assessment and cloud operations. This could cause certain stakeholders to resist the change
especially among those who lose certain rights and privileges they were previously endowed with
Changes in the internalprocesses: In this option, as the business bypasses the internal IT team, it
is the main driver of IT decisions such as identification of IT requirements, implementation of IT
projects for the business and IT investments. In addition, all processes related to co-ordination
with the external cloud provider will be directed through the business.
Next, the scenario where the business uses the IT organization within the enterprise to look for an
appropriate cloud service provider, as depicted in Figure 2 is examined. This is used when the
internal IT organization doesn't have the necessary skills in cloud operations and the business
would like to leverage on the external expertise with the help of the internal IT organization.
Business
Internal IT
Organization
Figure 2: Public Cloud Deployment Model II
15
<-
Cloud Service Provider
Unlike the previous case where the IT organization cedes most of its control either to business or
cloud vendor, here the IT retains partial if not complete control over the IT resources of the firm.
Depending on the cloud service opted for - SaaS/PaaS/IaaS the extent of shift in control varies.
Regardless of the kind of service, the move to cloud brings in changes of existing roles with some
roles becoming irrelevant. Also the adoption of cloud purports changes in business processes,
decision rules, governance structure and challenge the status quo in the existing organization.
This could cause certain stakeholders to resist the change and this defiance will be manifested
more among the stakeholders who lose certain rights and privileges they were previously
endowed with.
Changes in the roles and responsibilities: As the IT organization serves as the interface between
businesses and third party cloud providers, the responsibilities of establishing vendor
relationships, evaluating vendors, formalizing contracts and overseeing the services provided by
the third party fall under the ambit of the IT organization. To meet the demands of cloud
environment the IT function should have a sound understanding of the different businesses within
the organization, the processes and tasks within each of these businesses and how the actions of
one business impacts the other businesses, functions and the overall enterprise. The IT function
also needs to ensure data security and compliance with all rules and regulations. They are also
accountable for overseeing the cloud operations and monitoring the performance by tracking
cloud efficiency - (i.e.) determining if the company is getting the most value from its cloud
investments, understanding cloud economics and driving for cost efficiency.
Changes in the internal processes: In this option, the business is still the main driver of the
decisions relating to IT solutions. Hence the tasks related to making strategic choices as well as
implementation of IT activities within the organization will be routed through the business. On
the other hand, the IT function will serve as an interface between the business and the third party
and will monitor the operations and efficiency of the system. Using their expertise in technology,
the internal IT team will actively engage in identifying the IT needs of the businesses and partner
with the external cloud provider to deliver the same. Thus any task that involves co-ordination
between the third party and the business will be handled by the IT function.
4.
Hybrid: In the hybrid cloud deployment model, the organization makes use of a combination of
private, public and community deployment models. An organization that uses a hybrid model has
a separate cloud infrastructure for each of the deployment models used and enforces technology
standards to enable data and application portability across the deployment models. This
combination model is used by organizations that have both heavily regulated businesses where
security and compliance to standards is of paramount importance and also businesses that are
outside the regulatory bodies. Additionally, an organization that has private cloud as its primary
model can make use of cloud based services provided by a third party when there are sudden
surges in workload and when there is a need for additional processing capacity on a temporary
basis.
For the purposes of discussion, this thesis refers to the private, public and hybrid cloud deployment
models.
Next, the three types of cloud service models are discussed (Mell & Grance, 2011):
1.
Infrastructure as a Service (IaaS): It enables users to provision processing, network, storage and
other basic computing resources. The user does not have control over the cloud infrastructure but
has control over the operating systems, applications and other storage components on the
infrastructure.
16
2.
3.
Platform as a Service (PaaS): The user can deploy applications (both user-created and off the
shelf applications) on the cloud infrastructure. The user has control only over the applications and
not on the infrastructure, operating systems, servers and other storage components.
Software as a Service (SaaS): The consumer makes use of the applications deployed by the
provider in the cloud infrastructure over a thin or think client. The user cannot control the cloud
infrastructure, operating systems, servers or the applications, although in certain cases, the user is
allowed to make changes to the configuration of the applications.
Thus, the previous sections examined the definition, characteristics, deployment and service models of
cloud. In the next section, the benefits of cloud computing and the challenges an organization will face
when adopting cloud based services are discussed.
Benefits of cloud
Based on the five characteristics of cloud discussed previously, an organization can realize the following
benefits by moving to the cloud (Armbrust et al., 2010).
1. Agility: The on-demand self-service capability allows users to automatically provision and
release the computing resources thereby resulting in an IT system that is nimble and able to meet
the computing and storage requirements of the businesses.
2.
Accessibility: The broad based network access allows users to access the computing resources
from anywhere in the network using multiple devices, thus bringing in location and device
independence.
3.
Utilization: The elastic nature of cloud computing allows users to rapidly provision and release
resources based on business demands. This elasticity improves the utilization of the resources and
increases the efficiency of the IT systems.
4.
Cost: Cloud improves resource utilization and as a result the users pay only for what they use.
This subscription based model combined with resourcing pooling let businesses share the costs
thereby bringing down the overall costs in managing and maintaining cloud systems.
5.
Performance: The measurability aspect of cloud brings in transparency and allows the users to
constantly monitor and report the usage of the computing resources. This helps the users as well
as the service providers to track the performance of cloud-based services. In addition, since the
resources are shared with multiple users, maintenance of these systems becomes easy.
Challenges in cloud adoption
Although there are several benefits in moving to the cloud, introduction of cloud services in an
organization possesses certain challenges.
1. Scope and Understanding of Cloud: Cloud could mean different things to different people and
their motivation to adopt cloud could vary. The perception of cloud can be a way to
a.
Reduce cost as a result of poor business performance or an external crisis
b.
Change the current business model
c.
Address performance gaps in the IT system
d.
Embrace a new business opportunity/technology
Thus depending on the understanding and motivation of the stakeholders the level of commitment to
embrace cloud will differ.
17
2.
Misalignment and Conflict of Goals
a.
Interest mismatch: The real benefits of cloud can be achieved when there is centralization
of the IT function across the enterprise. However in an organization each business
perceives itself as unique with distinct IT requirements and may not want to adopt the
cloud.
b. Not invented here syndrome: In the case of public cloud, the cloud infrastructure is
hosted and managed by the service provider. This introduces a bias in the minds of the
people in the IT function, as they do not want to use the services developed by a third
party.
c.
Shiny ball efect: Some stakeholders within the organization would want to adopt the
cloud, as they perceive it as the next shiny ball in the technology space. They believe it to
be a solution for their current technology challenges without much due diligence in
analyzing the costs and benefits of adopting it, at times even ignoring the real problem.
3.
Quantifying and Balancing Benefits and Costs: One of the essential characteristics of cloud is
that it provides measured services where the performance of the cloud can be easily tracked.
Based on recent research, cloud maturity models have been developed to define the cloud
readiness of an organization'. It can be observed that, by centralizing the IT services, improving
competence in vendor management and cloud operations, and introducing IT governance
structures an organization can realize higher benefits through cloud. These archetypes however
get developed over a long run and sustaining the commitment and motivation levels of the
employees during this period could be a challenge.
4.
"Worse-before-better" Trap: When an organization takes the initiative of moving to cloud, it
needs to dedicate some of it existing resources- time, people and finances to building the cloud
environment. This could create a decrease in the productivity and efficiency of the existing work,
as the resources need to be shared between the current and new project (i.e. cloud). In addition, it
takes time for employees to learn the new practices and processes related to cloud and could take
a while before the organization realizes the actual benefits of cloud.
5.
Issues Related to Standardization: The broad network access characteristic of cloud allows
users to access computing resources from anywhere using heterogeneous platforms like mobile,
tablets, workstations and laptops. To facilitate such a seamless accessibility, there needs to be
standardization of applications, programming language, and storage across the platforms.
6.
Issues Related to Governance and Security
a.
IT Governance: A cloud model brings in interactions between multiple parties and in
certain cases, as a precursor to cloud adoption, an organization can introduce IT shared
services model. These situations mandate that a governance mechanism be put in place to
clearly specify and communicate where the key decision making related to IT happens. In
absence of such mechanisms, there could be ambiguity in decision rights resulting to
lower performance of the cloud system and the organization.
b.
Datasecurity: Another issue with cloud is ensuring the security of the information hosted
in a third party's network. This is especially relevant in a public/hybrid cloud scenario
where the cloud infrastructure is hosted and maintained in the service provider's
premises. Even in a private cloud, an organization can enforce rules that limit the
visibility of data and information to ensure security.
1 Assess your Cloud Maturity, Vanessa Alvarez, James Staten and Jessica McKee, May 2012
18
7.
Issues related to inter-organizational dependence: In the case of public and hybrid cloud, the
dependence on third parties for cloud-based services can result in loss of control rights for
employees of the organization. In addition, the service provider exposes the enterprise adopting
public based cloud, to the risk of non-compliance of standards of performance.
8.
Issues related to intra-organizational dependence: The change in IT governance mechanisms
can bring in change of decision and control rights among the stakeholders within the
organization. This increases chances of conflict between the stakeholders, pushbacks and
attempts to work around the new governance structure. Thus having a strong leadership support
with clear direction will help in the transition process.
9.
Skill development: With the introduction of cloud, an organization needs to invest in two types
of skill development. One is the competence in contract management, as the public and hybrid
cloud deployment models involve interaction with third party cloud providers. The members
within the organization need to be skilled to handle any exigency involving the cloud service
provider. Another set of training is needed to facilitate employees within the organization to
acclimate themselves with the new business processes and governance structures.
10. Budget and Financial Constraints: The last but the most important challenge is to determine
where the financing for the cloud introduction program comes from. The organization needs to
have a strong business case to support the adoption of cloud and also forecast the benefits
achieved by deploying cloud-based services in the organization.
Thus from this chapter, it can be observed that although the cloud brings in several operational and
financial efficacies, it poses certain challenges at an organizational as well as individual employee's level.
Keeping this in mind, organizations need to take steps that enable them to overcome the roadblocks and
ensure the organization is able to reap the benefits of cloud. The next chapter uses an example of a large
financial institution, and tries to understand their motivations to embrace hybrid cloud technology, the
organizational changes that were implemented to support the cloud transition, the resistances the
organization faced and the steps taken to overcome them.
19
4. CASE OF A LARGE FINANCIAL INSTITUTION MOVING TO HYBRID CLOUD
In the previous chapters a brief overview of cloud computing and also existing literature on stakeholder,
resource dependency, principal agent, outsourcing, IT Governance and organizational change theories
were examined. In this chapter, the case of a large financial institution that adopted cloud based IT
services, will be analyzed using the theories described previously. The financial institution implemented a
hybrid cloud program in 2009 and it was primarily triggered by the crisis that hit the financial market in
2008. The business objectives of this move were to reduce cost, improve IT security and improve
processing capacity to meet the demands of the changed environment. The decision to move to the cloud
entailed transformations both in the business and the IT function, however changes in the IT service
model and IT governance structure, which began in 2001 enabled a smooth transition to the cloud.
When an organization decides to move to the cloud, the two common deployment models available are
public and private cloud. In a private cloud, the internal IT organization is responsible for providing the
cloud services. This entails changes in the role of the IT function within the organization - shift from IT
operations to cloud operations, change in the data center management, software development and
maintenance. This chapter aims to identify the factors that trigger the IT transformation process, the
ramifications of the change on the organizational structure, governance model and roles of individual
employees and the challenges the organization faces in the transition phase.
For the purpose of this analysis, the dynamics between the IT function and the businesses within the
financial institution have been examined and the changes that happened within these functions over a
course of 15 years have been traced.
About the organization
The large financial institution provides financial services to other institutions in the same industry. It is
one of the leading users and developers of information technology and places a huge emphasis on
technology. The organization created products and services that were heavily IT dependent for its clients
and to support this huge reliance on technology, invested a substantial portion of its operating expenses
on IT and the people who supported the function (Weill & Woodham, 2002).
Traditionally, the IT function at the financial institution was highly decentralized. A small group ran the
data center and the network, and a central development organization supported the transaction processing
system for some of the businesses. In addition, each business had its own independent IT organization,
which catered to its technology requirements. Additionally, a central IT Steering Committee comprising
of CIOs of different businesses was responsible for the enterprise wide use of IT (Weill & Woodham,
2002). Figure 3 indicates the structure of the IT function that existed within the organization.
20
Figure 3: Structure of IT organization
2001 Dot-com bubble
In 2001, against the backdrop of the Dot-com crisis that hit the IT industry, the CIO of the organization in
consultation with the CEO and other executives, started an IT centralization program to integrate the
different businesses and consolidate the disparate IT units within the organization. The main motive
behind this program was to improve the IT efficiency and also ensure that the different businesses within
the organization worked in a concerted fashion to deliver a seamless service for the clients. The new
business direction required the various IT functions within the organization to work in unison and thereby
maximize the returns from the investments made in technology. A shared IT infrastructure was believed
to reduce redundancy, cut costs and decrease time to market. The program began with the evaluation of
the existing processes within the IT function and an initial review showed that the mechanisms had to
change and a new IT governance structure, culture and IT organization structure had to be established
(Weill & Woodham, 2002).
In Figure 4, the IT Governance arrangement matrix of Peter Weill and Jeanne W.Ross has been used to
trace where some of the key decision making related to IT happened within the large financial institution.
Weill and Ross look at five types of decision-making - IT Principles, IT Architecture, IT Infrastructure,
Business Application Needs and IT Investment and six possible arrangements within the organization to
make these decisions - Business Monarchy, IT Monarchy, Federal, Duopoly Feudal and Anarchy (Weill
& Ross, 2004). Each of the decision types is further analyzed from the perspective of who provides the
inputs and who make the final decision. From Figure 3, it can be noted that the structure of the IT
organization at the large financial institution was highly distributed with very little collaboration among
the different IT teams. The businesses had complete control over their IT requirements, budget and
defining their IT priorities. Although the IT Steering Committee was involved in defining the IT
objectives and infrastructure, the businesses could override their decisions. Similar situation existed in the
case of deciding the architecture and platform to support the various IT applications within the
organization (Weill & Woodham, 2002).
21
IT
Architecture
IT
Infrastructure
I
I
n
n
I
n
p
u
t
IT Principles
p
Decision
u
t
p
Decision
u
t
nrasrucre
Business
Application
Needs
IT
Investment
jIvsmn
Decision
I
n
p
u
t
Decision
I
n
p
u
t
X
X
X
X
Decision
Business
Monarchy
IT Monarchy
Federal
X
X
X
Duopoly
Feudal
X
X
X
Anarchy
Figure 4: IT Governance Arrangement Matrix at the large financial institution (Before 2001) (Weill
& Ross, 2004)
New IT GovernanceMechanisms
To support the IT centralization program, the IT function was completely reorganized. It went from being
a decentralized system to a federated organization where the whole enterprise was supported by a
common IT department. The leadership, processes, structure and culture went through a complete change
with new entities being formed to focus on IT objectives of the businesses. To balance the enterprise wide
and business specific IT requirements, vertical and horizontal services were created (Weill & Woodham,
2002). For instance, services such as infrastructure and data management were grouped together
horizontally and controlled at an enterprise wide level and they delivered the necessary services through
an IT shared services model. IT needs that were business specific were delivered as vertical services.
Thus this initiative changed the way the business and the IT organization interacted traditionally with
each other.
The roles of the IT function with the organization could be broadly demarcated into providing IT
infrastructure support for the businesses, managing architecture standards, developing and maintaining
applications and deciding the IT investments for the enterprise. All these functions were impacted as the
financial institution tried to institutionalize a shared services model.
Figure 5 denotes the new structure of the IT function at the financial institution. With the formation of the
Shared Services model, it can be seen that the IT function came to being part of the corporate function
with IT Business Partners who served as a liaison between the corporate IT function and the individual
business units.
22
coo
Audit &Risk,
Information
fT Business
Partner
Office of
Architecture
Development
Organiza t ion
Security
Figure 5: IT Shared Services at the large financial institution
Figure 6 denotes the revised governance arrangement within the IT function. Comparing the governance
structure before 2001 and after 2001, it can be seen that the organization moved from a business unit level
to corporate level structure for IT related decision-making. Although the business held on to the power of
making the final decision, the IT leaders and executives at the corporate level were involved in the input
seeking and execution phases. However, in the years that followed the institution of the centralized IT
organization, there were instances when the business deviated from the governance structure and initiated
IT projects that were outside the ambit of the IT function
IT
IT Principles
Architecture
I
I
n
n
p
IT
Infrastructure
h
p
Decision
u
t
Business
Monarchy
IT Monarchy
u
t
c'Needs
I
n
Decision
p
u
Decision
t
Business
IT
Application
Investment
I
n
p
u
Decision
t
X
X
I
X
Decision
t
X
X
I
n
p
u
X
Federal
Duopoly
X
X
Feudal
Anarchy
Figure 6: New IT Governance Arrangement Matrix at the large financial institution (After 2001)
(Weill & Ross, 2004)
23
Going to the cloud
In 2008, the financial crisis impacted all firms in the finance industry and the large financial institution
was no exception. Under severe pressure to reduce cost and improve its services to the clients, the
management looked at options that could create additional business value. As technology was one of the
key drivers of revenue as well as cost reduction, attempts were made to improve the IT services. One of
the trends that existed in the technology market at that specific point in time was moving to cloud based
services and the large financial institution initiated a comprehensive cloud adoption program. The goals
set for cloud program were:
-
"
-
Reduced time to market of new information services
Faster information processing and risk assessment
Enhanced security through automation of transactions
Faster provisioning of capacity
Cost reduction including more efficient, lower-cost software development
As part of the cloud program, the financial institution had to initially choose the preferred deployment
model:
1. Private: In this scenario, the financial institution manages the cloud platform and the internal IT
function is responsible for the cloud operations. The upside to this option was to have direct
control over the IT system and being in a highly regulated industry, the financial institution could
ensure compliance and security of the data hosted in the cloud. The disadvantage with this option
was however to invest initially in building the skills and competence needed to manage cloud
operations, introducing a delay in the whole process.
2.
Public: In the case of public cloud, the organization could leverage the expertise and skills of a
third party vendor to manage its cloud operations and also provision cloud-based services faster
than the private cloud. The organization however had to invest time and effort in choosing the
right vendor and also negotiating the terms and conditions of the contract with the cloud service
provider. When drafting the contract special attention had to be given to ensure data security and
compliance with the standards in the financial industry by the service provider. Also appropriate
clauses for under/non performance of the accepted terms had to be incorporated in the contract.
3. Hybrid: The third choice hybrid is a combination of private and public cloud. In this option, the
organization can benefit from the advantages unique to public and private cloud deployment. For
instance, for IT services that have sensitive data and where security is a cause of concern, private
cloud services can be used and for other services and applications public cloud can be opted. Also
public cloud can be used to supplement the capacity provided by private cloud, especially when
there is a sudden surge in customer requests.
After careful consideration of the various options available, the management at the financial institution
devised a roadmap for the cloud adoption. They used a threefold approach as part of the cloud adoption
program. (1) Determining the cloud deployment model and the type of services offered through cloud (2)
Application rationalization, refactoring and outsourcing of application maintenance and (3) Removal of
desktops and using thin clients.
The cloud deployment began with the planning stage that spanned about 18 months. This time period was
used to test the readiness, security and performance of the IT infrastructure to support the cloud. This
phase enabled the organization to evaluate technologies, assess risk and discard technologies that didn't
meet the acceptance criteria. Being in a highly regulated industry, the organization finally conducted an
external review to ensure compliance with the industry standards under the new IT infrastructure.
24
Since IT formed a critical aspect of the financial institution's business the management desired a cloud
solution that enabled them to retain much of the control over the IT system. By deploying an in-house
cloud, the internal IT team was responsible for the cloud deployment and the operations and maintenance
of the cloud infrastructure thereafter. However in a few cases, depending on the needs of the business,
individual business units made use of cloud services from external vendors to meet their requirements.
Such business specific IT requirements were treated as an exception and were financed by the business
unit. Thus the cloud adoption strategy of the financial institution encompassed public and private cloud so
that the firm could leverage on the advantages provided by both the models.
Another aspect that was considered as the organization moved to the cloud is the kind of services that will
be delivered through the cloud - Software as a Service, Platform as a Service, and Infrastructure as a
Service. It can be observed that the organization under study provided IT solutions to other financial
institutions and the end users of these IT solutions were in fact customers of the other financial
institutions. Thus the model here was analogous to providing Software as a Service and most of the
services that were offered through the cloud belonged to this category.
The organization's legacy IT system comprised of 800 applications. Under the cloud adoption program,
the maintenance of these applications and the management of the data center were outsourced to third
party vendors. The internal IT team retained the development of software and new applications. This
arrangement of outsourcing the maintenance work freed up the internal IT resources and let them focus on
cloud migration and developing new applications that were compatible with the cloud infrastructure.
Additionally, the cost savings that were achieved through the outsourcing model was used to fund the
cloud program. Thus the cloud adoption could be implemented without any significant investment. Also
the organization tried to rationalize the number of applications that existed in the organization - it began
with decommissioning obsolete applications, consolidating redundant ones and refactoring certain
applications. Thus the financial institution created an optimal portfolio of applications that could be
hosted in the cloud. As of 2012, a quarter of these applications have already been moved to the cloud
whole the rest are being tested for cloud deployment.
The IT organization at the financial institution went through several changes leading up to the cloud
migration. It began with the creation of the IT shared service model followed by a shift towards
virtualization where data was managed remotely, OS was provided to the desktop users through thin
clients and users could provision resources automatically based on their requirement. Also the
development and production environments were standardized and Java was being used as the primary
language. A gold copy of all business applications was maintained and new business requirements were
added to the repository periodically. Thus the emphasis over the period between 2001-2008 was on
reusability of IT resources and applications and creating efficiencies in the IT system that translated
directly to business value.
Organizational changes in hybrid cloud deployment
The deployment of cloud had an impact on the following entities:
-
Enterprise IT
-
Business unit IT
-
Business unit operations
-
Business unit management
25
EnterpriseIT: The central IT organization was responsible for the cloud services. This brought in several
changes in the role of employees within the central IT team. Some of the traditional functions like data
center management and maintenance of existing applications were outsourced to third party vendors. The
enterprise IT team was now solely responsible for software development. However with the change in the
technology, the IT organization had to adapt to the new environment. This implied changes in IT
infrastructure, security and applications development. In addition they were also now responsible for
cloud operations rather than IT operations - (i.e.) ensuring the IT resources were delivered on demand
and at scale in a multi-tenant environment. With the dependence on third parties for data center
management and maintenance, the enterprise IT now needed the competence to deal with vendor
management. Also cloud brings in changes in the business operations and as a result the IT organization
now needed a better understanding of the business.
Business unit IT: The deployment of cloud services mandated closer interactions between the business
and the IT organization. In this regard, the IT business partner played the crucial role of being an
intermediary between the two parties. The IT business partners helped the enterprise IT team understand
the business processes, get deeper knowledge of the businesses and recognize the role IT played in each
of the businesses. At the same time the IT business partners also helped the business unit clearly
communicate their requirements to the central IT team and facilitated a smooth transition to the cloud.
Business unit operations: The cloud brought in a multi-tenant environment where businesses shared a
single instance of software or application, implying changes in the existing business processes. For
instance, businesses in the large financial institution had to standardize their development environments
and use Java as their primary language. Businesses also had to get accustomed to the notion of
virtualization and using applications and software through thin clients. This move to replace desktops
with thin clients demands adjustment from the individuals who make use of the computer systems. Using
the theory of endowment effect bias, it can be seen that when individuals are required to make alterations
to behavior that they are habituated to, it is usually met with resistance, especially when the benefits
achieved from the adjustment doesn't far exceed the behavioral changes demanded.
For instance, from the perspective of a computer user, the benefits of using software and applications
through a thin client vis-a vis an actual desktop are not clearly evident. To elaborate, some of the
advantages like improved IT efficiency and utilization of capacity are clearly not visible to the end-users.
As a result, when the end users are asked to use instances of applications and software from a common
server instead of their desktops, they do not perceive the change as beneficial to them. And as the theory
suggests, when the status quo is being challenged, humans place a higher weightage on losses than on the
gains. Thus even small changes, which the organization believes can be done easily, will be met with
resistance and can take a long period of time to get the acceptance and buy-in from the end-users. This
opposition can however be overcome through strong leadership support as well as institution of process
owners who serve as evangelists of the change program.
Business unit management: Certain proponents of cloud computing believe that cloud is an operations
model and not a new technology. The implication of the change in operations model to businesses is change in existing business process, organizational structure and culture. Cloud brings in an element of
centralization and sharing of resources - IT capacity, people. As a result, businesses that originally had
complete control over their IT management now need to get adjusted to the collaborative environment.
This change brings in issues related to control rights, security, intra organizational dependence and
governance rules.
26
Analysis using Information Systems and Organizational theories
In this section, existing theories in information systems research like stakeholder theory, resource
dependency theory and principal agent theory have been used to analyze the dynamics between the IT
function and the business due to the incorporation of cloud based services in the large financial
institution.
Resource Dependency theory
The resource dependence theory uses two factors - power and interdependence to explain the dynamics
between the two parties involved in a mutually dependent transaction (Casciaro & Piskorski, 2004). When
an organization is dependent on others for resources, it creates imbalance in power and interdependency
between the parties involved. This power imbalance and interdependency coupled with uncertainty,
creates tension and the two parties take action that reduces the risk they maybe subject to owing to the
reliance on the other. Considering the IT shared services model that was formed at the financial
institution in 2001, it can be seen that the different businesses which originally had autonomy over their
IT resources and services, were now dependent on the central IT team. With the new system that was
institutionalized, businesses that traditionally had direct control over the IT budget had to go through the
central IT Steering Committee team for their IT investments. In addition, the IT infrastructure and IT
architecture were shared at an enterprise level and businesses were encouraged to collaborate and
leverage on each other's resources rather than creating redundant ones (Davis & Cobb, 2010; Hillman,
Withers, & Collins, 2009; Pfeffer & Salancik, 2003; Ravichandran, Lertwongsatien, &
LERTWONGSATIEN, 2005; Weill & Woodham, 2002). With strong executive support at a corporate
level, collaboration among businesses and between the business and the IT organization was mandated to
leverage the specialized skills and expertise in each business unit. This created the element of
interdependence, as businesses were reliant on the expertise of IT organization to identify and provide IT
services that met their requirements. Likewise the IT organization was dependent on the businesses to get
the right requirements. As the investments were being tracked and the performance of the new technology
was measured, it was important for the IT team to elicit the right support from the business. This mutual
dependence on each other ensured the two entities collaborated with each other.
Taking a critical look at the situation where a central IT team controlled all the IT resources, the
businesses would have ceded a majority of their control and key decision-making abilities. In the large
financial institution, where IT had a direct impact on the customers and created immense value for the
business, this would imply a huge shift in power from the business to the IT organization. Keeping this in
mind, it is interesting to note the composition of the Steering Committee (SC) and the escalation
mechanisms that were created at the financial institution. The SC primarily consisted of enterprise
executives like CIO, CAO, COO and senior members leading key business units. This implies that
although a federated organization was created to manage the IT resources, the key decisions like
formulating the IT strategy, IT investments were held by the business leaders. Likewise, in defining the
standards for IT architecture, although the central architecture team was responsible for managing the
architecture and infrastructure standards across businesses, any off standard decisions were arbitrated at
the CIO, COO and business leader level. Analyzing the above situation from the resource dependency
lens, it can be noted that the business leaders were reluctant to give up their autonomy and be dependent
on the IT function to meet their requirements. To overcome the power imbalance, the decision-making
power was retained by the business and the central IT organization was responsible only for optimal
utilization of IT resources, removing redundancy and improving the efficiency of IT operations.
In a cloud environment where multi-tenancy is common, there is increased dependency between the
different businesses. As a result, new standards and processes have to be incorporated to reflect the
27
centralized and agile culture. The large financial institution used a hybrid model where in addition to an
internal private cloud, some of the businesses made use of cloud services from third parties to meet their
specific requirements. In a hybrid cloud deployment model, the engagement with a cloud service provider
increases the dependency and organizations tend to alter their structures, processes and behaviors and try
to get into mutually beneficial coalition relationships. The public cloud aspect brings in additional layers
of dependence, and organization accounts for these dependence risks by incorporating strict quality and
performance controls in the contracts. Many organizations mitigate their overdependence on a single IT
service provider by having contracts with more than one supplier.
Stakeholder theory
The stakeholder theory postulates three factors - power, legitimacy and urgency that define the salience
of the claims made by the stakeholders (Mitchell et al., 1997). In the context of the large financial
institution, the stakeholder theory can be used to understand the dynamics between the IT organization
and the businesses. Before the introduction of IT shared services, business leaders had the absolute power
to decide the IT budget and execute projects at their will. Thus it was a decentralized model with each
business unit having its own IT function and poor co-ordination between them. As a result, when a new
technology was being deployed no efforts were being taken to check the compatibility and the business
implications of having multiple IT environments.
After the new federated IT model was rolled out, there was a perceived change in the power, legitimacy
and urgency aspects of the stakeholders' claims. For instance in the new IT governance model, individual
businesses were dependent on the SC for budget approval and deciding the IT objectives for the year.
The businesses could no longer define the technology standards and the network and security support.
The IT infrastructure and architecture were controlled at the enterprise level to ensure uniformity and
consistency. Thus for any IT requirement, the business had to substantiate the legitimacy and urgency
aspects before it was approved by the shared services.
Among the three factors mentioned, power was crucial to implement any strategy. Taking a closer look at
the governance model, it can be seen that power rested predominantly with the enterprise level and
business level executives. Thus, although the IT organization possessed the legitimacy and urgency
factors, the business leaders could override them owing to the power vested in them.
The introduction of cloud-based services in 2008 however changed the dynamics, as the focus shifted
more towards an enterprise level decision-making model. The cloud necessitated increased collaboration
between the businesses and IT and there was limited opportunity for the business to override and work
around the central IT team. As the cloud operations were handled by the central IT team, they could use
their expertise to verify the legitimacy and urgency of the claims made by the business as well as the third
party and could offer their suggestions.
Outsourcing theory:
In a hybrid cloud model, an organization uses a combination of private, public or community cloud
deployment model. The large financial institution used a mix of private and public cloud. In the case of
public cloud, an organization has access to new technology and experts immediately, giving them more
time to focus on their core business processes. In addition since the organization need not develop the
new IT capabilities from scratch, they can operationalize the IT projects faster. In addition to gaining
competitive advantage over the peers, an outsourcing model helps an organization catch up to the industry
trends faster. For example, if an organization's competitors have already adopted the cloud and reaping
28
high benefits from it, the speed in deployment of a public cloud will help the organization adopt the new
system faster and obtain greater benefits.
When an organization opts for a public cloud it however faces certain issues because of outsourcing
certain IT services. The business and the IT organization do not have adequate skills in contract
negotiations and as a result they have difficulty in managing contracts. Also in terms of selecting the right
vendor for the cloud services, the business and the IT function do not have much expertise in identifying
and managing the vendors. The problem manifests when there is a need to manage different suppliers for
different IT needs - like data center management, cloud services. Thus one of the key requirements is for
the two stakeholders involved in cloud adoption process - business and IT function, to develop skills
related to vendor management and contract negotiation. This will help them resolve any conflict that
arises between the vendor and the enterprise over the course of the contract. It also helps in handling
issues that could crop up due to non-performance or under-performance of the terms agreed upon by the
vendor. One of the challenges that organizations moving to cloud face is establishing and maintaining
data standards across the different systems served through cloud. Data Standardization is an issue being
faced by many organizations in the industry, as no set benchmarks exist in the current scenario that could
be replicated across the organizations 2 .
Transaction costs:
Considering the transaction costs that are incurred in the outsourcing model, it is evident that the
organization opting for some form of public cloud needs to budget for the following costs (Rindfleisch &
Heide, 1997).
i.
Search and information costs - This is the cost incurred by the organization in choosing an
appropriate vendor for its cloud services
ii.
Bargaining costs - This is the cost involved in drafting the contracts and agreeing on the terms
and conditions between the cloud service provider and the organization
iii.
Policing and enforcing - This is the cost involved to ensure the other party abides by the terms in
the contract and in case of any non-compliance the cost associated with the legal recourse and the
damages claimed.
Principal Agent theory
Using the principal agent theory, it can be seen that the transaction costs discussed previously are
primarily due to five factors (Eisenhardt, 1989; Jensen & Meckling, 1976):
1. Outcome uncertainty: The benefits of adopting the cloud are not immediately observable and the
principal accounts for this uncertainty when considering the policing and enforcing costs.
2. Risk aversion by both principaland agent: Since the principal is dependent on a third party for its
IT services, they are concerned about confidentiality and security of the data hosted on the cloud.
The agent at the same time doesn't want to get into legal issues and as a result both parties incur
costs related to policing and enforcing.
3.
2
Extent of predicting the behavior of the agent in advance: This factor goes a long way in
choosing the vendor and hence the principal exercises sufficient due diligence to ensure it enters
into contract with the right vendor. Some of the parameters evaluated to ensure quality service
Cloud computing: Risks, Benefits and Mission Enhancement for the Intelligence Community, INSA,
March 2012
29
are: reliability of the cloud infrastructure, 100% uptime to guarantee business continuity,
accountability in case of service breakdown and high response rate for recovery. Thus the
principal incurs search and information costs to ensure the external cloud provider meets the
above conditions before making a final decision.
4. Measurabilityofthe outcome: When drafting the contract the principal and the agent negotiate on
the terms and decide upon the standards and the benchmarks for the services rendered. This
bargaining causes additional costs to the two parties.
5.
Length ofthe contract: This again is based on the terms and conditions and the standards agreed
upon in the contract; thus causing an increase in bargaining costs.
In the large financial institution case, with the introduction of the shared IT services, there was a potential
for principal agent problems between the IT organization and the businesses. The businesses being the
principal would have been skeptical in sharing all information with the IT organization because in the
changed environment it implied a loss of direct control over their IT operations. They would have
preferred to not divulge complete information and use the asymmetric condition to retain their autonomy
(Dahlman, 1979; Eisenhardt, 1989). To avoid the resulting problems, the IT Governance model was
institutionalized with clearly spelt out roles among the stakeholders and identifying the decision makers
within the system. Also processes, structures and standards were set to ensure compliance. One of the
other changes that the large financial institution did as part of its cloud program was to outsource
maintenance of existing application and data center management to external parties. The outsourcing
situation also has the potential to create principal agent problem related to security, performance and data
integrity between the enterprise IT and the third party vendor. In order to ensure compliance with the
performance standards and reduce risks, Service Level Agreements were formed. These agreements
clearly mentioned the service quality expected and the consequences in the event of any non-compliance.
Organizational change issues - Effect of endowment and status quo bias
As seen before, in the case of public cloud, some of the functions that were originally performed by the IT
organization will be moved to the external cloud provider. Existing research in behavioral economics
shows that letting go of something that an individual already possesses feels like a loss even if there is no
rationale for an attachment(Kahneman et al., 1991). In the public cloud adoption, the IT function partakes
with some of its power and control rights to the cloud service provider. In addition some of the roles and
responsibilities within the IT organization will no longer be relevant as they have been outsourced to the
external party. The latter change has a greater impact as it challenges the status quo within the IT
organization.
In addition, cloud adoption is generally characterized as a change in the operational model of the
business. This implies changes in the current business processes, organizational structure and culture, and
governance model. Plus, such changes in the strategic direction of the organization are usually taken at an
enterprise and business leadership level, causing pushbacks from employees who are directly impacted by
the transformation. Thus it is evident that the shift to cloud environment, impacts multiple stakeholders
within the organization and based on their power, their positioning within the organization and their
amenability to adopt the new IT environment, the transition to the cloud can yield different results.
Enablers of the cloud adoption program at the large financial institution
Tracing the changes that occurred in the organization, it is interesting to note that the two main changes
that happened in the IT function were driven by factors in the external environment. For instance, the
move to the IT Shared Services in 2001 was primarily triggered by the Dot com crisis which enforced
consolidation of the resources and services in the IT function. The IT Governance Arrangement that was
30
instituted gave a clear idea of where the key decisions related to IT were being made. This governance
arrangement along with the shared services concept and other structures that were instituted in 2001,
helped in the transition process to cloud in 2008, which was driven by the crisis that hit the financial
markets.
Although the governance structure and the shared services model were instituted in 2001, the new
processes started being followed only in 2008 when the cloud program was formally introduced. In the
timeframe between 2001 and 2008, the leaders and executives within the large financial institution
championed a lot of these processes and rendered their support in ensuring a smooth transition to the
cloud. The IT function that rose to prominence in this transformation process was the Office of
Architecture team, because with the introduction of cloud operations, data and process standardization
became pivotal.
From the above discussion it can be seen that the large financial institution by adopting a hybrid cloud
model was able to leverage the benefits of private as well public cloud. For instance, by using the public
cloud for unique requirements of certain businesses, the company had a shorter lead-time to realize the
benefits of cloud. An organization can also use third party cloud services to address spikes in the
workload during certain periods of the business cycle. It can be observed that the large financial
institution performed several changes as part of the cloud adoption program - outsourcing the
maintenance of application and data center management, refactoring of applications and virtualizing
desktops. It is interesting to note that cloud does not require all of these shifts to happen. However an
organization that performs some or all of these changes realize additional benefits from its cloud
deployment.
Our analysis based on the theories gave us a comprehensive picture of the challenges an organization
moving to the cloud would face. In the large financial institution case, bulk of the work was transactional
in nature, and hence centralization and outsourcing of certain services created better efficiencies. As the
advantages far outweighed the adjustments that the employees had to make to adapt to the new system,
there was no strong resistance or objection to the changes made in the IT organization. The next chapter
illustrates a systems model using the factors just discussed, to demonstrate the cloud adoption
phenomenon.
31
5. SYSTEMS MODEL OF CLOUD ADOPTION
Introduction to System Dynamics
In this chapter, the concept of system dynamics has been used to model the cloud adoption process and
interaction between the different stakeholders involved in the IT transformation process. A system
dynamics model consists of stock and flow variables and causal loops that define the interaction between
the variables. Stocks are accumulations represented using rectangle and they characterize the state of the
system (Sterman, 2000). Flow variables control the inflow and outflow rate into and outside the stock
respectively. They are represented using the valves/flow regulators in the model. The clouds represent
the source and sink and they are used to depict stocks outside the model boundary (Figure 7).
StcCk Vari-able
71
Figure 7: Components of Systems Model
Causal loops link variables and indicate the relationship between them. If two variables are connected by
a positive arrow, it implies if the independent variable increases/decreases, it has the same effect on the
dependent variable. On the other hand, a negative link implies opposite effect - that is, if the independent
variable increases, the dependent variable decreases and vice versa. The models also have loop identifiers
- reinforcing and balancing loops (Figure 8). A reinforcing loop indicates a loop where an
increase/decrease in a specific variable triggers a sequence of events that eventually results in an
additional increase/decrease in the original variable, thereby creating a reinforcing effect. A balancing
loop on the other hand, denotes a loop that has an opposite effect - an increase in a specific variable
eventually results in a decrease in the variable; and if the variable originally decreases, it results in an
overall increase in the variable(Sterman, 2000).
.-
R
Var.ablc B
Var.'able D)
0
eA
Reinforcing Loop
"o
/
Figure 8: Reinforcing and Balancing Loops
32
Systems Model of Cloud Adoption
To understand the adoption of cloud computing in organizations, causal diagrams that depict the
interactions between the different elements influencing cloud adoption have been developed. These are
conceptual models developed to demonstrate the relationship between the various factors affecting cloud
adoption. Towards the end of the chapter, a simplified model of adoption has been developed to simulate
and identify the key levers in the adoption process and the steps an organization can take to make the
transition a smooth process.
Introduction of IT Shared Services
As evidenced earlier, it can be noted that cloud brings in an element of centralization and sharing of
resources across the different entities in an organization. Having an enterprise wide IT function that coordinates and handles the technology requirements of all businesses and that facilitates collaboration and
sharing of IT resources helps in the deployment of cloud services. In addition to cost savings that occur
because of the decrease in redundant IT services, the centralization efforts help in having a common
technology platform across the different departments and enable different organizational entities to
leverage each other's IT expertise and skills. The customers of the organizations also benefit, because in a
shared service model, the central IT team is aware of the services and products offered by the different
businesses and as a result, they can provide solutions and services that create additional value to the
clients. Similar results could be observed in the case of the large financial institution where an IT Shared
Services model that was created in 2001 helped in the transition to the cloud in 2008.
Reinforcing Loop R1: Redundancy Reduction
In the system dynamics model (Figure 9), it can be observed that IT Shared Services increase
Centralization, which in turn decreases the Redundancy in IT Operations. As the
redundancy in the IT systems decline, the Efficiency of the IT Shared Services improve,
creating a positive reinforcing effect on the efficiency of IT systems and helping in wider acceptance of
the shared services concept. This acceptance is captured in the flow variable Shared Services
Adoption Rate which, in turn increases the stock IT Shared Services. However over a period
of time, some of the IT Shared Services can return to being a distributed IT system and this
outflow is captured using the variable Shared Services Erosion Rate.
33
Adopion Rate
Efticyev ofT
Shared Services
R
Cenitralization
Redundancy
Reduction!
Redundancy in :i
Opc-artons
Figure 9: Redundancy Reduction
BalancingLoop Bl: Endowment Effect Bias
The federated IT model however decreases the Autonomy of Business creating a Perception
of Loss among the business units which previously had direct control over their IT budget and
resources. This feeling of loss could decrease the Efficiency of IT Shared Services,
resulting in resistance to accept the new system in the short run and in certain cases even efforts to go
back to the older model. Thus the feeling of loss could result in a lower preference for the IT Shared
Services model thereby decreasing the Shared Services Adoption Rate (Figure 10).
Figure 10: Endowment Effect Bias
34
However one of the factors that could potentially decrease the effect of perception of loss is a strong
leadership. A clear sense of direction from the management can help in anchoring the advantages of the
new system as well as serve as beacon to navigate the organization through the transformational process.
Introduction of IT Governance Mechanisms
Balancing Loop B2: Ownership Risks
Figure 11 shows that with the Centralization of the IT resources, there is an increasing need to
institute governance mechanisms, from the perspective of executive in the internal IT organization. This
is because in a federated environment where multiple entities share the IT resources, there are increased
System Interdependencies. A fallout of this increased dependence and disappearance of clear
boundaries is the poor clarity on decision rights and ownership. This reduction in Ownership
Clarity increases Performance Risks, because a non-performance/under-performance in one part
of the organization can perpetuate to other divisions and can cause a negative impact on the overall
Efficiency of IT Shared Services.
Shared Servicc
--Amp,
Ef;icicy:c
of IT
Shared Services
4
: at
B2 i
(*
Citral Lat'1n
Owticrsluip R.--s
Perfoniance Risks
SVstcrn
meCrd ependen~ cs
Cl.tarc(
Owticr-Aip
Figure 11: Ownership Risks
Reinforcing Loop R2: Ownership Risk Mitigation
An IT governance arrangement will help in specifying, analyzing and communicating where the key IT
decision making happens within the organization (Peter Weill, Jeanne W. Ross, 2004). This will not only
help in establishing ownership and accountability in the stakeholders but also help in defining clear rules
and regulations when it comes to decision making and ensuring there is no conflict of interests among the
35
parties involved. In Figure 12, it can be seen that System Interdependencies increase the IT
Governance Introduction Rate causing the stock IT Governance Mechanisms and to
rise. As governance structures are established, the clarity on ownership and decision rights improves. IT
Governance Introduction Time is a static time value over which the IT Governance
Mechanisms are instituted within the organization.
Shared Seces1C:
Shared Services
Adop-zion- Ratc
N.r,
iRac
r
Effcincc' of IT
Shaircd S~~c.~4R2
Centralizat on
I
Performanec Risk
Vear1UXCc
:T GOv~
OT
uo'.rna.ic
Figure 12: Ownership Risk Mitigation
Based on the literature review and the large financial institution case it can be observed that the IT
Governance structure of an organization reflects who holds the power in defining the IT priorities and
developing the IT roadmap for the organization. To a certain extent this is dependent on the level of
importance of IT in the organization and to what level it contributes to the growth of the business. In the
large financial institution case, it can be seen that IT is pivotal to the success and growth of the business
in the organization and as a result senior executives of the business units handled most of the key
decision-making and the governance bodies.
Outsourcing
Cloud adoption involves various degrees of outsourcing. For instance in a public cloud deployment
model, the organization makes use of the expertise and skills of an external cloud provider. Examples of
such organizations include Netflix whose entire business services are provided through the cloud to
organizations that only store their data on the cloud in order to enhance accessibility. Another deployment
model is the private cloud. In this case, the cloud system is internal to the organization, but some
companies outsource a portion of other responsibilities of the IT organization like data center
management and maintenance of applications to third parties. This is done to cut the workload of the
employees and provide them the bandwidth to take on work that is more critical to the organization. For
instance in the large financial institution, the data center management and maintenance of older
applications were outsourced to third parties and the increased availability of the IT employees was used
to develop a private cloud. Outsourcing not only means relying on the services of a vendor external to an
36
organization, but also the services of an entity within the same organization. For instance, with the
formation of a federated IT model the businesses in the large financial institution were no longer
responsible for the IT related decision-making, but were dependent on the centralized IT team.
Another model, which is increasingly being used, is the hybrid cloud where certain IT services are hosted
in the public cloud while the rest in the cloud system internal to the organization. However in such a
scenario, it can be noted that there is a certain level of reliance on a third party for the performance of the
IT organization. In the following sections, the interaction between the two parties involved in the
outsourcing process and the impact of outsourcing on labor, cost and overall performance of the
organization are studied.
Reinforcing Loop R3: Cost Savings
One of the key motivations of outsourcing is to make use of a cheaper medium to perform the tasks
currently being done within the organization. This cost saving creates a budget surplus, which could be
used for the improvement of current IT services and investments to facilitate cloud adoption. For instance,
at the large financial institution the cost savings that were realized through the outsourcing of data center
management and maintenance were used to fund the cloud project. As seen in Figure 13, the stock
Outsourcing decreases the cost and this decrease in cost increases Outsourcing
Effectiveness further increases
The increase in Outsourcing
Effectiveness.
Outsourcing Rate, thereby creating a reinforcing effect.
ReinforcingLoop R4: Access to Experts
At the outset, cloud provides easy access to experts and to new technology in the market (Myun J Cheon,
Varun Grover and James T C Teng). Thus in the case of cloud, an organization need not go through the
process of developing skills and competence desired to move to cloud based services. As seen in Figure
13, the stock outsourcing increases the Access to Experts, which improves outsourcing
Effectiveness and creates a reinforcing effect on the Outsourcing Rate.
BalancingLoop B3: ControlRights Issues
The dependence on a third party for cloud and other IT services transfers some of the work, which was
previously done internally to the external vendor. Thus an internal stakeholder who had complete control
over the tasks done now relies on third party cloud provider. Thus with the increase in out sourcing,
a Loss in Direct Control is observed in Figure 13. This creates a perception of loss in the
mindset of the employees and could cause changes in the attitude and behavior that reflects resistance.
This perception of loss creates a negative impact on Outsourcing
decreasing the outsourcing Rate generating a balancing effect.
37
Effectiveness
thereby
KJ
~R-4
-
/5
/
/
Ak
>xe
B\
cs
-- tto.Rgt
s
L.C S
i
[
Figure 13: Impact of Outsourcing on Control Rights, Cost and Access to Experts
Labor dynamics
ReinforcingLoop R5: Labor Availability
Outsourcing, frees up bandwidth for certain employees and the organization can leverage on this
increased labor availability and use their skills for projects and tasks that are more critical to the
organization. The allocation of new work can create a positive impact in the mindset of the employees
thereby boosting employee morale and improving the efficiency of the IT organization. In the systems
model in Figure 14, it can be observed that as Outsourcing increases, the Labor Utilization
Projects. This move boosts
decreases, increasing the Labor Allocation to Critical
Effectiveness, which
Outsourcing
impact
on
has
a
positive
Employee Morale, which
creates a reinforcing effect on Outsourcing Rate.
BalancingLoop B4: Layoff'
On the other hand, the increased labor availability that resulted from outsourcing can bring down the
labor utilization. The organization, to reduce its costs can resort to downsizing efforts, which in turn
creates a negative impression among the employees. In the systems model in Figure 14, it can be seen that
as Labor Utilization increases, the Downsizing Efforts increase, which in turn decreases
the Employee Morale. This decline in Employee Morale has an opposite effect on
Outsourcing Effectiveness thereby decreasing the outsourcing Rate.
38
Thus outsourcing can create both positive as well negative influence and the final outcome depends on
which of the two dominates.
Outsourcinig Rate
Effctven
~R55
sLab
Labcz
-kvai abd:
N.
or Ut iiat'in
tv
CtS
Lavoff2
:Np
c
M
,a
Figure 14: Labor Dynamics Resulting from Outsourcing
Vendor management
BalancingLoop B5: Dependency Risk
As discussed earlier, outsourcing on one hand, brings in easy access to experts and to new
technology/software in the market (in this case cloud services). But at the same time, it necessitates
development of vendor management skills in the organization; because with the dependence on a third
party for managing cloud, the organization is at a higher risk of issues related to under/non-performance
of the external vendor. In Figure 15, it can be seen that as Outsourcing increases, the Dependence
on Contractors increase, exposing the organization to Dependency Risks. As the
Dependency Risks increase, it decreases the Outsourcing Effectiveness, resulting in a
decrease in Outsourcing Rate.
ReinjorcingLoop R6: Skill Development
To balance the exposure to risks, organizations need to develop their competence in managing vendors sourcing proposals, evaluating them and choosing the one that matches the requirements. Once the
selection is done, the organization needs to draft a contract that clearly spells out the terms and
conditions, the performance expectations and the liabilities in case of non-compliance with the agreed
upon terms. These measures will help an organization in mitigating the impact of non-performance by the
vendor. In the systems model in Figure 15, it can be seen that as the Dependence on Contractors
increase, the Training Rate, which is the degree to which organizations introduce training and
development opportunities increases. This building of skills and competence occurs over a period of time
39
called the Training Time. The end result of these training efforts is the increase in Knowledge of
Vendor Management among the employees. Equipped with the skills needed to handle third parties,
the organizations will be able to mitigate the Dependency Risks.
However the caveat here is that, these measures will help in case of risks that could have been controlled
by the vendor. But in cases where breakdown is due to extremities in the weather, the vendor cannot be
held directly responsible. In such cases, organizations spread their risks by using services from multiple
vendors. This way even if the services provided by a single vendor breaks down, the others can ensure
service continuity and reduce the risks to the organization.
Outsourcing
Rae
()J rociflg Rnr.'
Out'sourcing
51Dcwnde:cc
~Cntracterm
%
\1
'XkmC;10.%
RjkM/
Depndc'yc
Rik..
7
c1n
4
Knowlcdc ; n
Tr.aig Rate
Vecn
dor
Manacenncrt
Rl~K
Skl DskcvkPmen
Figure 15: Dependency Risks from Outsourcing
Reinforcing Loop R 7: On the Job Learning
As cloud based services are introduced in the organization, training opportunities that support the learning
process should be extended. In Figure 16, it can be seen that as Cloud IT Systems increase, the
Learning Rate of Cloud increases which results in the accumulation of Knowledge of
Cloud. This building of the necessary know-how about cloud happens over a period of time, given by
Cloud Learning Time. As the Knowledge of Cloud increases, it improves the
Effectiveness of Cloud Systems and Perceived Benefits of Cloud. This increase
in Perceived Benefits of Cloud further contributes to the increased Learning Rate of
Cloud, thereby creating a reinforcing effect.
40
C:.out c
if 17
Knowledpe o
17
Learning Rate of Cloud
Cloud Lcarnin T_111Civi~
o
On he !ob Learninu
/
Pcrcvci EdBenefits
Figure 16: On the Job Learning
Simplified Model and Simulation Results
The models illustrated above demonstrate the various factors that influence the adoption of cloud
computing and have been developed to explain conceptually the interaction between the different factors.
The aim of this study was to analyze and understand the interplay between the various factors that impact
cloud adoption, using system dynamics approach. However due to time constraints, all the factors that
were discussed previously in the conceptual models could not simulated and studied in a single model.
As a result, a simplified version of cloud adoption system dynamics model that includes impact of IT
Shared Services, Outsourcing and Knowledge of cloud has been developed. Among the different
variables that affect IT Shared Services and Outsourcing, the abstracted model considers only the final
outcome of instituting these services, captured by the variables - Efficiency of IT Shared
Services and Outsourcing Effectiveness. The abstracted model (Figure 17) has been
designed with two stocks and three key variables, to analyze and simulate the cloud adoption behavior.
The stock Adoption signifies the percentage of IT systems in the enterprise that have been moved to the
cloud and is controlled by the inflow variable Ins tall ing. As more of the IT Systems in the enterprise
are moved to the cloud, the Net Perceived Benefit of cloud increases among the employees,
resulting in an increase in the Inf luencing effect of cloud based IT services on the management. As
rate of cloud-based
Management Support increases, it has a reinforcing effect on the Ins talling
that
supports the cloud
the
management
of
the
percentage
indicates
systems. Management Support
Management Support and Impact of
initiative and varies between 0 and 1. Initial
Management Support varies between 0 and
Adoption are exogenous variables, where Initial
1 and denotes the percentage of the leadership team that supports cloud deployment initially. Impact
of Adoption is another exogenous variable and ranges between -1 and 1. It is an aggregate of the
different elements impacting cloud adoption; mathematically it can be given by the following expression
41
Impact of Adoption = Z (Knowledge of
Services, Outsourcing Effectiveness)
Cloud,
Efficiency
of
IT
Shared
ClOud Adoptioi
Nc: Pecreved Bcnefit
mpoLfCr.6Aotg
:.
:nit:ai Managemem
Su;pport
Figure 17: A Systems Model of Cloud Adoption
As seen previously, Efficiency of IT Shared Services is impacted by redundancy in IT
operations, performance risks due to system interdependencies and perception of loss by business as a
result of centralizing the IT resources. Likewise Outsourcing Effectiveness is a factor of
employee morale, dependency risks, access to experts, cost savings and loss of control rights. Thus
depending on whether the positive or the negative effects dominate, the Impact of Adoption takes
on a positive, negative or zero value. The two balancing loops in the model indicate that the cloud
adoption and the management support are finite quantities; implying as the stocks increase, the rate at
which the two stocks increase, decreases.
Simulated Results
In this section, the rate at which cloud adoption happens is studied based on changes in the impact of
adoption and initial management support. As the model is an abstraction of the complete cloud adoption
phenomenon, the simulation results are not truly reflective of the timeline and the outcomes of cloud
deployment in an organization.
To understand the rate at which cloud adoption occurs within an organization, the two exogenous
variables are changed over a range of values and the behavior of the model is studied.
42
High impact of adoption and high initialmanagement support
When the impact of adoption and the level of initial management support is high, it can be observed that
the enterprise is more willing to shift its IT systems to the cloud and the portion of the management that
originally wasn't bought into the idea is also convinced of the benefits.
Management Support
Adoption
(:.951
M25
0.5
0.9
(.8
0
0
5
0
5
20
25
30
35
40
45
(
50
5
20
25
30
Time(Monh)
15
Time (Mo:h)
35
40
45
50
Adopton: H-ightipacighSuppon
Graph 1: Behavior of Adoption when impact
of adoption high and initial management
Graph 2: Behavior of management support when
impact of adoption high and initial management
support high
support high
High impact of adoption and low management support
From the results, it can be seen that despite a low management support initially, when the impact of cloud
adoption is high, the benefits override the skepticism in the minds of employees and the move to cloud
based services is accepted. However the time taken to achieve 100% cloud adoption is longer in this case.
Management Support
Adoption
C,75
0,75
1.5/
M.
0
5
I0
.5
20
Adopon . HiPhtnp1ja.tLowSu-ppon
25
30
35
40
45
50
0
Time (Mobh)
Graph 3: Behavior of adoption when impact
of adoption high and initial management
support low
w
5
tmen
.Suppn
0
Hipt
5
30
25
20
Time (Month)
35
40
45
50
owm
Graph 4: Behavior of management support when
impact of adoption high and initial management
support low
Low impact ofadoption and high initial managementsupport
Consider a case where the impact of cloud adoption is low, but the management is highly supportive of
the initiative to deploy cloud based services. Here the adoption kicks off, because of the high support
rendered by the leadership team, however over a period of time, when the benefits achieved do not meet
the expectations of the management, their support reduces. But by this period of time, the adoption has
already reached high levels. Thus the management's delay in the realization of low benefits of cloud
results in a loss of investment for the organization.
43
Adoption
Management Support
0.75
0.5
0.251
U.25
0
5
:0
5
20
25
30
Time (Month)
Adoption . LowlipactH ighSupport
35
40
45
50
5
moangcnr
Supp
U
1
15
wa peig
20
25
30
35
40
45
50
g
Graph 5: Behavior of adoption when impact
of adoption low and initial management
Graph 6: Behavior of management support when
impact of adoption low and initial management
support high
support high
Low impact ofadoption and low initialmanagement support
With a low impact of adoption and low initial management support, the rate at which cloud systems are
installed in the enterprise slows, decreasing the total adoption of cloud systems in the organization. The
low impact of adoption further decreases the management support, thereby limiting the total percentage of
the IT systems within the organization that are moved to the cloud.
Management Support
Adoption
0.6
0.4
G.3
0.2Z
0
5
Adopton LwIpr
1035
rtLcwSuppot
20
25
30
Time (Momh
35
40
45
0
50
5
0
5
20
25
3
Tire (Momh)
35
40
45
51
-
Graph 7: Behavior of adoption when impact
of adoption low and initial management
support low
Graph 8: Behavior of management support when
impact of adoption low and initial management
support low
Thus this chapter captures the interactions and the causality between the factors influencing the cloud
adoption. Using the model, an organization can identify the key levers that impact cloud adoption and
take steps that help them bridge the gap between the current and desired states for cloud implementation.
This model can also be used to analyze the cloud readiness of organizations, determine the reasons for
facing challenges in deploying cloud services and take corrective steps.
44
6. CONCLUSION
In conclusion it can be noted that cloud adoption has far reaching effects at an organizational as well as
individual employee level. The implications at an employee level encompass both managerial and nonmanagerial.
Organizational Implications
1. Cloud purports consolidation and aggregation of the resources. An outcome of this effect is the
necessity to standardize business processes and technology across the organization to enable
seamless communication across multiple systems.
2.
Cloud adoption can support a decision to change the business model. Such a move might entail
reorganization of the entire business, so that it reflects the new business model.
3.
With the introduction of cloud services and centralization of IT resources, there is a need to
define an IT governance arrangement that clearly spells out the decision-making privileges of the
individuals and entities within the organization. The governance structure will define which
function within the organization holds the power to drive IT initiatives. Based on the Peter
Weill's IT governance matrix, it can be seen that a federal or business monarchy structure
supports the adoption of cloud.
4.
From the financial institution case, it can be observed that some firms might outsource a portion
of their current IT operations to an external vendor to leverage their expertise as well create
bandwidth for the employees within the organization to focus on operationalizing cloud.
5. With the introduction of cloud, there is an increasing need to upskill the employees on effectively
using cloud-based systems and also familiarizing them about IT shared services, virtualization,
using multiple technology platforms.
Managerial Implications
1.
The executives and leaders within the organizations should be clear about the scope and
understanding of cloud and their primary motivations of moving to the cloud.
2.
They also need to be informed about the various deployment and service models that are
available and exercise sufficient due diligence to choose the model that best suits the
organizations' requirements.
3.
The executives should serve as evangelists of the cloud program. In addition to knowing the
benefits that the organization can realize, they need to be cognizant of the challenges unique to
each deployment model. For instance in case of private cloud, although it guarantees security,
compliance and performance, the organization should have the competence needed to build and
manage an in-house cloud system. The public cloud however can introduce issues related to
dependency on third parties, security, risks of non- performance or under-performance by the
service provider and transfer of control rights. Being cognizant of these potential problems helps
the managers anticipate and take corrective actions proactively.
4.
Managers should also form centers of excellence and other program offices that handhold the
employees during the transition phase and also helps in building in the required skills and
capabilities among the employees.
5. In addition to knowing about cloud, managers should also be trained in vendor management.
45
Non-Managerial Implications
1. The non-managerial employees are not impacted much by the control rights, governance and
outsourcing issues. However in some cases, the change to cloud will be accompanied by changes
in the IT infrastructure - like replacing the physical desktops with thin clients, using virtual
servers and also interacting across multiple platforms. These demand a lot of behavioral
adjustments from the employees.
2.
The employees need to familiarize themselves with the new standards and procedures being
followed in the organization. This is especially relevant in the case of hybrid cloud, as employees
need to be cognizant of where the service or data is being hosted and what are the standards
followed in that cloud center.
3.
They also need to develop their skills in provisioning and releasing resources with minimum
interaction with the service providers.
46
7. FUTURE WORK
The causal loops developed in this paper demonstrate the relationship between the different elements that
contribute towards a smooth cloud adoption process. The variables in the model were chosen based on the
insights obtained from research articles on cloud computing, existing literature on organizational theories
and the case on the large financial institution. The model developed in the paper can be extended to
include learning curve effects within the organization. Additionally the model can also be enhanced to
examine the impact on outsourcing effectiveness if IT governance structures are not built within the
organization. Also, the conceptual models can be calibrated to understand better the impact of each
individual factor on cloud adoption. To further add dimensions to the study, additional cases can be
studied to determine challenges urnique to specific industries, business models and cloud deployment
models.
47
8. REFERENCES
Al-Qirim, N. (2012). The strategic outsourcing decision of IT and eCommerce: The case of small
businesses in new zealand. Journalof Information Technology Case and Application Research, 5(3),
32-56.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., et al. (2010). A view of cloud
computing. Communications of the ACM, 53(4), 50-5 8.
Casciaro, T., & Piskorski, M. J. (2004). Power imbalance AND interorganizational relations: Resource
dependence theory revisited. Academy ofManagement, New Orleans,
Dahlman, C. J. (1979). The problem of externality. Journal ofLaw and Economics, 22(1), 141-162.
Davis, G. F.. & Cobb, J. A. (2010). Resource dependence theory: Past and future. Research in the
Sociology of Organizations,28, 21-42.
Eisenhardt, K. M. (1989). Agency theory: An assessment and review. Academy ofManagement Review,,
57-74.
Goles, T., & Chin, W. W. (2005). Information systems outsourcing relationship factors: Detailed
conceptualization and initial evidence. ACM SIGMIS Database,36(4), 47-67.
Grover, V., Cheon, M., & Teng, J. (1995). Theoretical perspectives on the outsourcing of information
systems. JournalofInformation Technology, , 209-219.
Hillman, A. J., Withers, M. C., & Collins, B. J. (2009). Resource dependence theory: A review. Journal
ofManagement, 35(6), 1404-1427.
Jensen, M. C., & Meckling, W. H. (1976). Theory of the firm: Managerial behavior, agency costs and
ownership structure. JournalofFinancialEconomics, 3(4), 305-360.
Kahneman, D., Knetsch, J. L., & Thaler, R. H. (1990). Experimental tests of the endowment effect and
the coase theorem. JournalofPoliticalEconomy, , 1325-1348.
Kahneman, D., Knetsch, J. L., & Thaler, R. H. (1991). Anomalies: The endowment effect, loss aversion,
and status quo bias. The JournalofEconomic Perspectives, 5(1), 193-206.
Mell, P., & Grance, T. (2011). The NIST definition of cloud computing (draft). NIST SpecialPublication,
800, 145.
Mitchell, R. K., Agle, B. R., & Wood, D. J. (1997). Toward a theory of stakeholder identification and
salience: Defining the principle of who and what really counts. The Academy ofManagement
Review, 22(4), 853-886.
Pfeffer, J., & Salancik, G. R. (2003). The external control of organizations:A resource dependence
perspective Stanford University Press.
Ravichandran, T., Lertwongsatien, C., & LERTWONGSATIEN, C. (2005). Effect of information systems
resources and capabilities on firm performance: A resource-based perspective. Journalof
ManagementInformation Systems, 21(4), 237-276.
Rindfleisch, A., & Heide, J. B. (1997). Transaction cost analysis: Past, present, and future applications.
The JournalofMarketing, , 30-54.
Samuelson, W., & Zeckhauser, R. (1988). Status quo bias in decision making. JournalofRisk and
Uncertainty, 1(1), 7-59.
Sterman, J. D. (2000). Business dynamics: Systems thinking and modelingfor a complex world
Irwin/McGraw-Hill Boston.
Thaler, R. H., Tversky, A., Kahneman, D., & Schwartz, A. (1997). The effect of myopia and loss aversion
on risk taking: An experimental test. The QuarterlyJournal ofEconomics, 112(2), 647-661.
Tversky, A., & Kahneman, D. (1991). Loss aversion in riskless choice: A reference-dependent model.
The QuarterlyJournalofEconomics, 106(4), 1039-1061.
Weill, P., & Ross, J. W. (2004). IT governance on one page. CISR WP, 349, 2.
Weill, P., & Woodham, R. (2002). State street corporation: Evolving IT governance.
Wernerfelt, B. (1984). A resource-based view of the firm. StrategicManagement Journal,5(2), 171-180.
48
Wernerfelt, B. (1995). The resource-based view of the firm: Ten years after. Strategic Management
Journal,16(3), 171-174.
49